package f;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.xml.DOMConfigurator;

/* loaded from: classes.dex */
/**
 * Holder for a tester license ("TLD") key store: loads a PKCS#12 store from a license file,
 * keeps the certificates and keys found in it, checks certificate chains and unwraps keys
 * with stored session keys.
 *
 * <p>This is decompiler output: type and member names are obfuscated, and a few constructs
 * (flagged inline) look like decompiler residue rather than original logic. Helper types
 * {@code d}, {@code e}, {@code f}, {@code o}, {@code x}, {@code m}, {@code t}, {@code v} and
 * {@code r} are defined elsewhere; what they do is only described here as far as the call
 * sites show it.
 *
 * <p>NOTE(review): every field is public and mutable, including the "license valid" flag and
 * the key tables, so any code in the process can change the state the checks below rely on.
 */
public final class y implements j {
    // Shared log4j logger, obtained from a.a.a().
    public static final Logger n = a.a.a();
    // Class probed by reflection in m() for a "getEstSerialNo" method; null until set elsewhere.
    public static Class o = null;
    // Object whose b() result m() decodes into the EST serial number; null until set elsewhere.
    public static h p = null;
    // PKCS#12 key store loaded by l(File).
    public KeyStore d;
    // Session keys by name; read by a(String) and f(m, String). Not populated in this class.
    public Hashtable<String, Key> j;
    // Not referenced by any method of this class.
    public Hashtable k;
    // Certificate -> alias, filled in l(File) for aliases containing "codier-encrypt".
    public Hashtable l;
    // Alias -> key, filled in l(File) with every key read from the key store.
    public Hashtable m;

    /* renamed from: a, reason: collision with root package name */
    // Gate for m(): when false, m() refuses with "EST-CM isn't connected". Never set in this class.
    public boolean f46a = false;

    /* renamed from: b, reason: collision with root package name */
    // Alias of the "-sys" key-store entry chosen in l(File); k(String) searches with it from e(byte[]).
    public String f47b = DOMConfigurator.EMPTY_STR;

    /* renamed from: c, reason: collision with root package name */
    // "Valid tester license" flag checked by most operations. h() clears it; nothing in this
    // class sets it to true, so it must be set from outside through the public field.
    public boolean f48c = false;
    // Scratch chain handed to i(): slot 0 is filled in l(File); slots 1 and 2 are never
    // assigned in this class (presumably parent and root certificates set elsewhere - confirm).
    public final X509Certificate[] e = new X509Certificate[3];

    /* renamed from: f, reason: collision with root package name */
    // Certificate of the "-sys" alias; returned by d() and used as serial-number fallback in g().
    public X509Certificate f49f = null;
    // g, h and i are not referenced by any method of this class.
    public X509Certificate g = null;
    public X509Certificate h = null;
    public X509Certificate i = null;

    /**
     * Checks a certificate chain, processing the array from its last slot down to slot 0.
     *
     * <p>The certificate in the last slot must have identical subject and issuer DN strings and
     * is verified with its own public key. Every further certificate must name the previously
     * processed subject as its issuer and is verified with that certificate's public key.
     *
     * <p>NOTE(review): the checks visible here are DN string equality, signature verification
     * and a validity-period test whose failure is only logged. Nothing in this method compares
     * the top certificate with a pinned trust anchor or looks at basic constraints, key usage
     * or revocation, so trust depends entirely on who fills the array. If this is meant to be
     * an authentication decision, reject expired or not-yet-valid certificates and anchor the
     * chain to a built-in root (for example via {@code java.security.cert.CertPathValidator}).
     *
     * @param certificateArr chain to check; a null slot fails with a NullPointerException at
     *     {@code getEncoded()}, which no catch clause here handles
     * @throws v if the array is null or empty, names do not chain, a signature does not verify,
     *     or the provider cannot perform the verification
     */
    public static void i(Certificate[] certificateArr) {
        PublicKey publicKey;
        Logger logger;
        String str;
        // Subject DN of the previously processed (parent) certificate.
        String str2 = DOMConfigurator.EMPTY_STR;
        if (certificateArr == null || certificateArr.length == 0) {
            throw new v(t.NULL_ARGUMENTS_AREN_T_ALLOWED);
        }
        try {
            try {
                // Previously processed certificate; null while the top of the chain is handled.
                X509Certificate x509Certificate = null;
                int length = certificateArr.length - 1;
                String str3 = DOMConfigurator.EMPTY_STR;
                while (length >= 0) {
                    try {
                        // Re-parse from the encoded form (d.c presumably builds an X509Certificate).
                        X509Certificate c2 = d.c(certificateArr[length].getEncoded());
                        str3 = c2.getSubjectDN().getName();
                        String name = c2.getIssuerDN().getName();
                        if (x509Certificate == null) {
                            // Top of the chain: subject and issuer must match, key is its own.
                            if (str3.compareTo(name) != 0) {
                                throw new v(t.SUBJECT_AND_ISSUER_FROM_ROOT_CERTIFICATE_DOESN_T_MATCH, new Object[]{str3, name});
                            }
                            publicKey = c2.getPublicKey();
                        } else {
                            // Lower certificate: its issuer must equal the parent's subject.
                            if (str2.compareTo(name) != 0) {
                                throw new v(t.SUBJECT_OF_PARENT_CERTIFICATE_DOESN_T_MATCH_TO_ISSUER_OF_CLIENT_CERTIFICATE, new Object[]{str2, name});
                            }
                            publicKey = x509Certificate.getPublicKey();
                        }
                        c2.verify(publicKey);
                        try {
                            c2.checkValidity();
                        } catch (CertificateExpiredException unused) {
                            // NOTE(review): an expired certificate is logged and then accepted.
                            // As written this handler also falls through to the second
                            // "length--" below, which would skip one certificate; that looks
                            // like decompiler duplication - verify against the bytecode.
                            logger = n;
                            str = "Client certificate " + str3 + " validity has expired!";
                            logger.warn(str);
                            length--;
                            str2 = str3;
                            x509Certificate = c2;
                        } catch (CertificateNotYetValidException unused2) {
                            // NOTE(review): same as above for a certificate that is not valid yet.
                            logger = n;
                            str = "Client Certificate " + str3 + " is not yet valid!";
                            logger.warn(str);
                            length--;
                            str2 = str3;
                            x509Certificate = c2;
                        }
                        // Move one slot towards index 0; the current certificate becomes the parent.
                        length--;
                        str2 = str3;
                        x509Certificate = c2;
                    } catch (SignatureException e) {
                        // "e = e" is decompiler residue; the failure is reported with the
                        // subject DN of the certificate that did not verify.
                        e = e;
                        str2 = str3;
                        throw new v(t.COULDN_T_VERIFY_CLIENT_SIGNATURE_OF_CERTIFICATE, e, new Object[]{str2});
                    }
                }
            } catch (SignatureException e2) {
                // Decompiler residue: "e" is not in scope here, so this does not compile as
                // written. Presumably the same signature-failure path as the inner handler.
                e = e2;
            }
        } catch (InvalidKeyException e3) {
            throw new v(t.INVALID_KEY_USED_TO_CHECK_CERTIFICATE_SIGNATURE, e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new v(t.UNABLE_TO_OBTAIN_CRYPTOGRAPHICAL_ALGORITHM_TO_CHECK_CERTIFICATE_SIGNATURE, e4);
        } catch (NoSuchProviderException e5) {
            throw new v(t.COULDN_T_USE_JCE_PROVIDER_TO_VERIFY_CERTIFICATE_SIGNATURE, e5);
        } catch (CertificateException e6) {
            throw new v(t.COULDN_T_CHECK_CERTIFICATE_CHAIN, e6);
        }
    }

    /**
     * Reports whether a session key with the given name is stored.
     *
     * @param str session key name; must be non-null and non-empty
     * @return true if the session key table contains the name
     * @throws v if the license flag is not set, the name is null or empty, or the session key
     *     table is null or empty
     */
    @Override // f.j
    public final boolean a(String str) {
        if (!this.f48c) {
            throw new v(t.INVALID_CALL_VALIDATE_SESSION_KEY_REFERENCE, new Object[]{"No valid tester license file given."});
        }
        if (str == null || str.length() == 0) {
            throw new v(t.NULL_ARGUMENTS_AREN_T_ALLOWED_PLEASE_CALL_WITH_A_NOT_NULL_ARGUMENT);
        }
        Hashtable<String, Key> hashtable = this.j;
        if (hashtable == null || hashtable.isEmpty()) {
            throw new v(t.SESSION_KEY_LIST_IS_NULL_OR_CONTAINS_NO_SESSION_KEYS);
        }
        return this.j.containsKey(str);
    }

    /** Returns the constant 1; its meaning is defined by interface {@code j}, not visible here. */
    @Override // f.j
    public final int b() {
        return 1;
    }

    /** Returns the current value of the "valid tester license" flag. */
    @Override // f.j
    public final boolean c() {
        return this.f48c;
    }

    /** Returns the "-sys" certificate while the license flag is set, otherwise null. */
    @Override // f.j
    public final X509Certificate d() {
        if (this.f48c) {
            return this.f49f;
        }
        return null;
    }

    /**
     * Passes the input to {@code d.g(20, key, data)} together with the private key whose alias
     * contains {@link #f47b}. What {@code d.g} computes and what 20 selects is not visible here.
     *
     * @throws v if the license flag is not set, or if k(String) finds no matching key
     */
    @Override // f.j
    public final byte[] e(byte[] bArr) {
        if (this.f48c) {
            return d.g(20, k(this.f47b), bArr);
        }
        throw new v(t.INVALID_CALL_FOR_CRYPTO_ROUTINES_FOR_MSM, new Object[]{"No valid tester license file given."});
    }

    /**
     * Produces a key from a key descriptor, either directly or by decrypting it with a named
     * session key.
     *
     * <p>If {@code mVar.f27a} is set, the descriptor's {@code d} value is decoded with
     * {@code e.c} and handed to {@code d.j} without any decryption. Otherwise the session key
     * named {@code str} decrypts the decoded value in CBC mode and the result goes to
     * {@code d.j} with {@code mVar.f28b}.
     *
     * <p>NOTE(review), cryptographic points a maintainer should confirm:
     * the IV is all zero bytes, so equal plaintexts under one key give equal ciphertexts;
     * the IV length is the encoded key length, which equals the cipher block size only for
     * some key sizes; CBC with PKCS#5 padding carries no integrity protection, and padding
     * failures surface as a distinct error code, so callers should not relay that difference
     * to the party supplying the ciphertext; "RSA/CBC/PKCS1Padding" with an IV is not a
     * transformation every JCE provider accepts. An authenticated mode with a per-message IV
     * would address the first three if the wire format can change.
     *
     * @param mVar key descriptor; {@code d} and {@code f29c} must be non-null
     * @param str session key name; must be non-null, and non-empty on the decrypting path
     * @return the key built by {@code d.j}
     * @throws v if the license flag is not set or the cipher cannot be set up or run
     * @throws r if an argument is missing or no session key has the given name
     */
    @Override // f.j
    public final Key f(m mVar, String str) {
        String str2;
        StringBuilder sb;
        boolean z = this.f48c;
        if (!z) {
            throw new v(t.INVALID_CALL_FOR_DECRYPT_WITH_SESSION_KEY, new Object[]{"No valid tester license file given."});
        }
        if (mVar == null || (str2 = mVar.d) == null || mVar.f29c == null || str == null) {
            throw new r(t.NULL_ARGUMENTS_AREN_T_ALLOWED_PLEASE_CALL_WITH_CORRECT_PARAMETERS);
        }
        if (mVar.f27a) {
            // Direct path: no session key involved.
            int i = mVar.f28b;
            Logger logger = d.f14a;
            return d.j(e.c(str2), i);
        }
        // Cannot trigger: z was already checked at the top of the method.
        if (!z) {
            throw new v(t.INVALID_CALL_FOR_KEY_REFERENCE_KEYS, new Object[]{"No valid tester license file given."});
        }
        if (str.length() == 0) {
            throw new r(t.NULL_ARGUMENTS_AREN_T_ALLOWED);
        }
        // Unlike a(String), this.j is not null-checked here; a null table fails with a
        // NullPointerException instead of an error code.
        Key key = this.j.get(str);
        if (key == null) {
            throw new r(t.UNABLE_TO_GET_SESSION_KEY_WITH_NAME, new Object[]{str});
        }
        Logger logger2 = d.f14a;
        byte[] c2 = e.c(mVar.d);
        String algorithm = key.getAlgorithm();
        try {
            // Transformation is "<key algorithm>/CBC/" plus PKCS5Padding, or PKCS1Padding for RSA.
            if (algorithm.compareTo("RSA") != 0) {
                sb = new StringBuilder();
                sb.append(algorithm);
                sb.append("/CBC/PKCS5Padding");
            } else {
                sb = new StringBuilder();
                sb.append(algorithm);
                sb.append("/CBC/PKCS1Padding");
            }
            Cipher cipher = Cipher.getInstance(sb.toString());
            try {
                // All-zero IV, as long as the encoded key (the loop is redundant: new arrays
                // are already zero-filled).
                int length = key.getEncoded().length;
                byte[] bArr = new byte[length];
                for (int i2 = 0; i2 < length; i2++) {
                    bArr[i2] = 0;
                }
                // 2 is Cipher.DECRYPT_MODE.
                cipher.init(2, key, new IvParameterSpec(bArr));
                try {
                    return d.j(cipher.doFinal(c2), mVar.f28b);
                } catch (BadPaddingException e) {
                    throw new v(t.WRONG_PADDING_FOR_THIS_CRYPTO_ALGORITHM, e);
                } catch (IllegalBlockSizeException e2) {
                    throw new v(t.ILLEGAL_BLOCK_SIZE_FOR_EN_AND_DECRYPTION, e2);
                }
            } catch (InvalidAlgorithmParameterException e3) {
                throw new v(t.COULD_NOT_INITIALIZE_CIPHER_OBJECT_WITH_GIVEN_ALGORITHM_ARAMETERS, e3);
            } catch (InvalidKeyException e4) {
                // The message argument is the literal "RSA" whatever the key algorithm was.
                throw new v(t.UNSUFFICIENT_SUPPORT_OF_DECRYPTION_OF_JCE_PROVIDER, e4, new Object[]{"RSA"});
            }
        } catch (NoSuchAlgorithmException e5) {
            throw new v(t.UNSUFFICIENT_SUPPORT_OF_CRYPTO_ALGORITHM_, e5, new Object[]{algorithm});
        } catch (NoSuchPaddingException e6) {
            throw new v(t.UNSUFFICIENT_SUPPORT_OF_DECRYPTION_OF_JCE_PROVIDER, e6, new Object[]{"RSA"});
        }
    }

    /**
     * Returns a certificate serial number: the EST one from m() when available, otherwise the
     * serial number of the "-sys" certificate.
     *
     * <p>NOTE(review): the fallback is silent apart from a debug log line, so callers cannot
     * tell which certificate the bytes belong to. This method does not check the license flag,
     * and the fallback fails with a NullPointerException when no "-sys" certificate is loaded.
     */
    @Override // f.j
    public final byte[] g() {
        byte[] byteArray;
        try {
            byteArray = m();
            Logger logger = n;
            if (logger.isDebugEnabled()) {
                logger.debug("Got EST certificate serial number: " + e.d(byteArray));
            }
        } catch (RuntimeException unused) {
            // Any RuntimeException from m() selects the fallback, not only "not connected".
            byteArray = this.f49f.getSerialNumber().toByteArray();
            Logger logger2 = n;
            if (logger2.isDebugEnabled()) {
                StringBuilder k = b.a.k("Got TLD certificate serial number: ");
                k.append(e.d(byteArray));
                logger2.debug(k.toString());
            }
        }
        return byteArray;
    }

    /** Clears the "valid tester license" flag. */
    public final void h() {
        this.f48c = false;
    }

    /**
     * Derives the key-store password used in l(File): the input is passed through
     * {@code d.f(..., "SHA1")}, the result through {@code e.d}, and the string is returned as
     * characters (presumably a SHA-1 digest rendered as text - confirm in d and e).
     *
     * <p>NOTE(review): a password that is a plain digest of its input is only as secret as
     * that input.
     */
    public final char[] j(byte[] bArr) {
        return e.d(d.f(bArr, "SHA1")).toCharArray();
    }

    /**
     * Returns the first key in the alias-to-key table whose alias contains {@code str}.
     *
     * <p>NOTE(review): the match is a substring test over a Hashtable enumeration, whose order
     * is unspecified. An empty {@code str} (the initial value of {@link #f47b}) matches every
     * alias, so which key is returned is then arbitrary. An exact alias comparison would make
     * the selection deterministic. The cast fails with a ClassCastException if the matching
     * entry is not a private key.
     *
     * @throws v if no alias contains {@code str}
     */
    public final PrivateKey k(String str) {
        PrivateKey privateKey;
        Enumeration keys = this.m.keys();
        while (true) {
            if (!keys.hasMoreElements()) {
                privateKey = null;
                break;
            }
            String str2 = (String) keys.nextElement();
            if (str2 != null && str2.indexOf(str) >= 0) {
                privateKey = (PrivateKey) this.m.get(str2);
                break;
            }
        }
        if (privateKey != null) {
            return privateKey;
        }
        throw new v(t.TLD_RSA_KEY_WAS_NOT_FOUND_WITHIN_THE_TLD_INVALID_TLD_FILE);
    }

    /**
     * Loads the tester license file: opens it through {@code x}, loads the PKCS#12 key store,
     * records every alias's key, sorts entries into "codier-encrypt" certificates and the
     * "-sys" certificate, and runs i() over the chain for each of them.
     *
     * <p>The license flag is cleared on entry and on most failures. This method never sets it
     * to true, so a successful return alone does not mark the license as valid.
     *
     * <p>NOTE(review):
     * the key-store password is computed from data returned by the same {@code x} object that
     * wraps the license file (via {@code o.a} and j(byte[])); if that data comes from the file
     * itself, the password protects nothing against a holder of the file - confirm;
     * the password array is never overwritten after use;
     * alias classification uses {@code toLowerCase()} in the default locale, which can change
     * the outcome on locales with special casing rules ({@code Locale.ROOT} avoids that);
     * the single-certificate workaround replaces the stored certificate with one from
     * {@code f.a(...)} while the key still comes from the key store, and no check that the two
     * belong together is visible here.
     *
     * @param file tester license file
     * @throws v if the store cannot be decrypted or its content is incomplete or malformed
     * @throws r if the file is missing or cannot be read
     */
    public final void l(File file) {
        X509Certificate x509Certificate;
        h();
        x xVar = new x(file);
        this.l = new Hashtable();
        this.m = new Hashtable();
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    // Key-store password, derived from data supplied by xVar.
                                    char[] j = j(new o().a(xVar.b()));
                                    KeyStore keyStore = KeyStore.getInstance("PKCS12");
                                    this.d = keyStore;
                                    keyStore.load(xVar.c(), j);
                                    Enumeration<String> aliases = this.d.aliases();
                                    while (aliases.hasMoreElements()) {
                                        String nextElement = aliases.nextElement();
                                        Certificate[] certificateChain = this.d.getCertificateChain(nextElement);
                                        if (certificateChain == null) {
                                            h();
                                            throw new v(t.NO_CERTIFICATES_FOUND_IN_TLD);
                                        }
                                        if (certificateChain.length == 1) {
                                            // Single-certificate entry: swap in a certificate
                                            // obtained from f.a(...) for the two known alias kinds.
                                            n.warn("****** Using workaround for buggy TLD.");
                                            if (nextElement.toLowerCase().indexOf("codier-encrypt") >= 0) {
                                                certificateChain[0] = f.a("codier-encrypt");
                                            } else if (nextElement.toLowerCase().indexOf("e-sys") >= 0) {
                                                certificateChain[0] = f.a("e-sys");
                                            }
                                        }
                                        // The leaf's subject DN must equal the alias, ignoring case.
                                        if (!((X509Certificate) certificateChain[0]).getSubjectDN().toString().equalsIgnoreCase(nextElement)) {
                                            throw new v(t.CERTIFICATE_SUBJECT_IS_NOT_A_WELL_DEFINED_TLD_SUBJECT, new Object[]{"[Different TLD alias (" + nextElement + ") and Certificate subject: " + ((X509Certificate) certificateChain[0]).getSubjectDN().toString() + "]"});
                                        }
                                        // Entry keys use the same password as the store.
                                        Key key = this.d.getKey(nextElement, j);
                                        if (key == null) {
                                            throw new v(t.NO_CRYPTOGRAPHIC_KEYS_FOUND_WITHIN_TLD_INVALID_TLD_FILE);
                                        }
                                        this.m.put(nextElement, key);
                                        if (nextElement.toLowerCase().indexOf("codier-encrypt") >= 0) {
                                            this.l.put(certificateChain[0], nextElement);
                                        } else {
                                            // Any other alias must contain "-sys"; the last such
                                            // entry enumerated wins.
                                            if (nextElement.toLowerCase().indexOf("-sys") < 0) {
                                                h();
                                                throw new v(t.CERTIFICATE_SUBJECT_IS_NOT_A_WELL_DEFINED_TLD_SUBJECT, new Object[]{nextElement});
                                            }
                                            this.f49f = (X509Certificate) certificateChain[0];
                                            this.f47b = nextElement;
                                        }
                                    }
                                    // Release the file wrapper; on a later failure the outer
                                    // handler calls xVar.a() a second time.
                                    xVar.a();
                                    if (this.l.isEmpty() || (x509Certificate = this.f49f) == null) {
                                        h();
                                        throw new v(t.IT_WAS_NOT_POSSIBLE_TO_READ_COMPLETE_CERTIFICATE_CHAIN_FROM, new Object[]{"sec_security.lic"});
                                    }
                                    // Check the "-sys" certificate, then each "codier-encrypt"
                                    // certificate, in slot 0 of the shared chain array.
                                    X509Certificate[] x509CertificateArr = this.e;
                                    x509CertificateArr[0] = x509Certificate;
                                    i(x509CertificateArr);
                                    Enumeration keys = this.l.keys();
                                    while (keys.hasMoreElements()) {
                                        this.e[0] = (X509Certificate) keys.nextElement();
                                        i(this.e);
                                    }
                                    this.e[0] = null;
                                } catch (NoSuchAlgorithmException e) {
                                    h();
                                    throw new v(t.UNABLE_TO_DECRYPT_TLD, e);
                                }
                            } catch (FileNotFoundException e2) {
                                h();
                                throw new r(t.TESTER_LICENSE_FILE_NOT_FOUND, e2, new Object[]{file.getAbsolutePath()});
                            }
                        } catch (KeyStoreException e3) {
                            h();
                            throw new v(t.UNABLE_TO_DECRYPT_TLD, e3, new Object[]{file.getAbsolutePath()});
                        }
                    } catch (CertificateException e4) {
                        h();
                        throw new v(t.UNABLE_TO_DECRYPT_TLD, e4);
                    }
                } catch (UnrecoverableKeyException e5) {
                    h();
                    throw new v(t.UNABLE_TO_DECRYPT_TLD, e5);
                }
            } catch (IOException e6) {
                // KeyStore.load reports a wrong password as an IOException, so a bad password
                // ends up under the "couldn't read" code.
                h();
                throw new r(t.COULDN_T_READ, e6, new Object[]{file.getAbsolutePath()});
            } catch (IllegalArgumentException e7) {
                h();
                throw new r(t.TESTER_LICENSE_FILE_NOT_FOUND, e7, new Object[]{file.getAbsolutePath()});
            }
        } catch (Throwable th) {
            // Cleanup on any failure, then rethrow unchanged.
            xVar.a();
            throw th;
        }
    }

    /**
     * Reads the EST certificate serial number through the static {@link #p} object.
     *
     * <p>The reflective lookup of "getEstSerialNo" on {@link #o} only checks that such a method
     * exists; its result is discarded and the value actually comes from {@code p.b()}, decoded
     * with {@code e.c}. A null {@code o} or {@code p} ends in the generic handler below.
     *
     * @return the decoded serial number bytes
     * @throws RuntimeException if the connection flag is not set, or the lookup or read fails
     */
    public final byte[] m() {
        if (!this.f46a) {
            throw new RuntimeException("EST-CM isn't connected; unable to read EST certificate serial number.");
        }
        try {
            o.getMethod("getEstSerialNo", new Class[0]);
            return e.c(p.b());
        } catch (Exception e) {
            // The cause is kept in the rethrown exception but not written to the log.
            n.log(Level.WARN, "EST-CM object may not be initialized or EST is not activated. Unable to read EST certificate serial number!");
            throw new RuntimeException("Unable to read EST certificate serial number.", e);
        }
    }
}
